With a matter of days until the European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018, U.S. companies are scrambling to make sure they’re in compliance. Many are still unclear about whether the GDPR applies to them. The GDPR is a sweeping update to privacy laws in the EU and is much broader than most data privacy laws in the U.S. It adds previously unregulated data types, such as location and IP address, to the list of protected information alongside name and credit card details.
Does the GDPR Apply to Your Business?
- offering goods or services in an EU language or currency;
- allowing EU data subjects to place orders in the local language; or
- marketing their goods or services to EU customers.
While any U.S. company with an online store could be affected, other types of companies that could be impacted include hospitality, travel and software companies.
How to Become GDPR-Compliant
Here are a few key points to think about while making your business GDPR-compliant:
- Be transparent in data practices. The GDPR requires that individuals be made aware that their personal data is being processed. Companies must clearly and plainly state who will process data, how they will handle it and why they are using it.
- Be diligent with deletions. Under the GDPR, people have the “right to be forgotten,” or the right to ask companies to delete all stored information. Once requested, the information must be deleted “without undue delay.”
Understanding the Consequences
Determining whether your business must comply with the GDPR requires careful analysis and has steep financial consequences if done incorrectly. If you think you can afford to ignore the GDPR, think again. There are big fines for non-compliance: 20 million euros or 4% of annual profits, whichever is greater. However, there are still questions about how the GDPR will be enforced in the U.S., and enforcement will depend on a company’s presence in the EU. For companies with little market presence in the EU, it’s still unclear whether the Federal Trade Commission (which currently serves as the data protection watchdog in the U.S.) will enforce the GDPR, and if so, to what extent.
KJK can help businesses determine whether they need to comply with the GDPR, and where necessary, craft an approach tailored to your business. To discuss whether the GDPR applies to your company or strategies to make your business GDPR compliant, please contact Jennifer M. Hart at 216.736.7208 or firstname.lastname@example.org or Kyle A. Hutnick at 216.736.7243 or email@example.com.